<?php
/**
 *  NevuxBB - Free Forum Software
 *  Copyright (C) 2008, 2010 NevuxBB (No one specific author)*  This program is free software: you can redistribute it and/or modify
 *  it under the terms of the GNU General Public License as published by
 *  the Free Software Foundation, either version 3 of the License, or
 *  (at your option) any later version.
 *
 *  This program is distributed in the hope that it will be useful,
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 *  GNU General Public License for more details.
 *
 *  You should have received a copy of the GNU General Public License
 *  along with this program.  If not, see <http://www.gnu.org/licenses/>.
 *
 * ACP Index
 * File: index.php
 * Purpose: Managing the ACP
 * Todo: Complete the ACP
 *
 */

$acp = true;
require('../system/files/global.php');

// set some header variables
$core_template_system->setvar('acp_page_title', $core_lang_system->get_var('ACP_L', 3));

// must be a valid session otherwise we wouldn't be here
if(isset($_POST['submit_f'])) {
	// has requested the ability to login
	if(!isset($_POST['acp_username']) || !isset($_POST['acp_password'])) {
		// display the header data
		$core_template_system->pparse();

		// load template file
		$core_template_system->newTemplate(BASE_PATH . '/acp/template/error.html');
		
		// set error
		$core_template_system->setvar(array('error_message' => $core_lang_system->get_var('ERR_MISSING_FIELDS', 3),
											'error' => $core_lang_system->get_var('ERROR', 4)));
		
		// display page
		$core_template_system->pparse();
	} else {
		// has all the parameters
		$login = CoreUserSystem::logAdminIn($_POST['acp_username'], $_POST['acp_password'], $_SERVER['REMOTE_ADDR'], $_SERVER['HTTP_USER_AGENT'], time());
		
		if($login !== true) {
			// failed to verify credentials
			switch($login) {
				case 1:
					// not a real user
					$err_message = $core_lang_system->get_var('ERR_NO_USER', 3);
					break;
				case 2: 
					// already logged in
					$err_message = $core_lang_system->get_var('ERR_ALREADY_LOGGEDIN', 3);
					break;
				case 3:
					// failed to set cookie
					$err_message = $core_lang_system->get_var('ERR_NO_COOKIE', 3);
					break;
				default:
					// unknown error
					$err_message = $core_lang_system->get_var('ERR_UNKNOWN', 3);
					break;
			}
			
			// display the header data
			$core_template_system->pparse();
	
			// load template file
			$core_template_system->newTemplate(BASE_PATH . '/acp/template/error.html');
			
			// set error
			$core_template_system->setvar(array('error_message' => $err_message,
												'error' => $core_lang_system->get_var('ERROR', 4)));
			
			// display page
			$core_template_system->pparse();
		} else {
			if($_SESSION['User']['acp_skip_login']) {
				// check to see if their code is correct
				if(($_POST['securi_code'] == $_SESSION['User']['acp_code']) && (($_SESSION['User']['acp_login_time'] + 60) > time())) {
					// all fine
					// display the header data
					$core_template_system->pparse();
					
					// load up template file
					$core_template_system->newTemplate(BASE_PATH . '/acp/template/login_securi_code.html');
					
					// set variables
					$core_template_system->setvar(array('acp_login' => $core_lang_system->get_var('ACP_L', 3),
														 'login' => $core_lang_system->get_var('LOGIN', 4),
														 'securi_code_instruction' => $core_lang_system->get_var('ACP_SECURI_CODE_INST2', 3),
														 'security_code' => $core_lang_system->get_var('ACP_SECURI_CODE', 3)));
					
					// display page
					$core_template_system->pparse();
				} else {
					// code was incorrect, or they took too long
					// display the header data
					$core_template_system->pparse();
			
					// load template file
					$core_template_system->newTemplate(BASE_PATH . '/acp/template/error.html');
					
					// set error
					$core_template_system->setvar(array('error_message' => $core_lang_system->get_var('ERR_INCORRECT_CODE', 3),
														'error' => $core_lang_system->get_var('ERROR', 4)));
					
					// display page
					$core_template_system->pparse();
				}
			} else {
				// something went horribly wrong
				// display the header data
				$core_template_system->pparse();
		
				// load template
				$core_template_system->newTemplate(BASE_PATH . '/acp/template/error.html');
				
				// set error
				$core_template_system->setvar(array('error_message' => $core_lang_system->get_var('ERR_UNKNOWN', 3),
													'error' => $core_lang_system->get_var('ERROR', 4)));
				
				// display page
				$core_template_system->pparse();
			}
		}
	}
} elseif(isset($_POST['submit_code'])) {
	// has submitted the security code
	if(!isset($_POST['securi_code_u'])) {
		// no code anyway
		// display the header data
		$core_template_system->pparse();

		// load template file
		$core_template_system->newTemplate(BASE_PATH . '/acp/template/error.html');
		
		// set error
		$core_template_system->setvar(array('error_message' => $core_lang_system->get_var('ERR_NO_CODE', 3),
											'error' => $core_lang_system->get_var('ERROR', 4)));
		
		// display page
		$core_template_system->pparse();
	} else {
		if(($_POST['securi_code_u'] == $_SESSION['User']['acp_code']) && (($_SESSION['User']['acp_login_time'] + 60) > time())) {
			// success, logging in
			$_SESSION['User']['acp_code_passed'] = true;
			
			// display the header data
			$core_template_system->pparse();
		
			// load template file
			$core_template_system->newTemplate(BASE_PATH . '/acp/template/redirect.html');
			
			// set url
			$core_template_system->setvar(array('redir_url' => 'index.php',
												'redirecting' => $core_lang_system->get_var('REDIRECTING', 4),
												'redirection_success' => $core_lang_system->get_var('CURRENT_REDIRECTION', 4),
												'browser_not_redirecting_message' => $core_lang_system->get_var('CLICK_REDIRECTION', 4)));
			
			// display page
			$core_template_system->pparse();
		} else {
			// was incorrect or took too long
			// display the header data
			$core_template_system->pparse();
	
			// load template file
			$core_template_system->newTemplate(BASE_PATH . '/acp/template/error.html');
			
			// set error
			$core_template_system->setvar(array('error_message' => $core_lang_system->get_var('ERR_INCORRECT_CODE', 3),
												'error' => $core_lang_system->get_var('ERROR', 4)));
			
			// display page
			$core_template_system->pparse();
		}
	}
} else {
	// we need to remove some old session information
	$_SESSION['User']['acp_md5'] = NULL;
	$_SESSION['User']['acp_login_time'] = NULL;
	$_SESSION['User']['acp_code'] = NULL;
	$_SESSION['User']['acp_code_passed'] = NULL;
	$_SESSION['User']['acp_skip_login'] = NULL;
	
	// display the header data
	$core_template_system->pparse();
	
	// display the ACP login form
	$core_template_system->newTemplate(BASE_PATH . '/acp/template/login.html');
	
	// set some variables
	$core_template_system->setvar(array('security_code' => CoreUserSystem::generateAdminSecurityKey(),
										'acp_login' => $core_lang_system->get_var('ACP_L', 3),
										'acp_login_brief' => $core_lang_system->get_var('ACP_L_BRIEF', 3),
										'username' => $core_lang_system->get_var('USERNAME', 4),
										'password' => $core_lang_system->get_var('PASSWORD', 4),
										'security_code_text' => $core_lang_system->get_var('ACP_SECURI_CODE', 3),
										'security_code_inst' => $core_lang_system->get_var('ACP_SECURI_CODE_INST', 3),
										'button_login' => $core_lang_system->get_var('LOGIN', 4)));
	
	// display the form
	$core_template_system->pparse();
}
?>